From 0486b9c5e2b4286499a9d3f87a0db7c95741fb6b Mon Sep 17 00:00:00 2001
From: tomoki10 <tomoki10wakhok@gmail.com>
Date: Tue, 7 Jan 2025 07:57:29 +0900
Subject: [PATCH] feat(s3objectlambda): open s3 access point arn (#32661)

### Issue # (if applicable)

Closes #31950 .

### Reason for this change

Previously, users needed to manually construct ARN strings when using S3AccessPoint. This update exposes the S3AccessPoint ARN directly to reduce implementation effort.

### Description of changes

This change makes the S3AccessPoint accessible as a property for reuse across the codebase.

### Describe any new or updated permissions being added

No

### Description of how you validated changes

- Added test cases to verify the newly exposed S3AccessPoint property in the existing unit test suite.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../@aws-cdk/aws-s3objectlambda-alpha/README.md     | 13 +++++++++++++
 .../aws-s3objectlambda-alpha/lib/access-point.ts    |  6 ++++++
 .../test/s3objectlambda.test.ts                     | 11 +++++++++++
 3 files changed, 30 insertions(+)

diff --git a/packages/@aws-cdk/aws-s3objectlambda-alpha/README.md b/packages/@aws-cdk/aws-s3objectlambda-alpha/README.md
index 127634cde958a..a356fe672c5e8 100644
--- a/packages/@aws-cdk/aws-s3objectlambda-alpha/README.md
+++ b/packages/@aws-cdk/aws-s3objectlambda-alpha/README.md
@@ -92,3 +92,16 @@ new s3objectlambda.AccessPoint(stack, 'MyObjectLambda', {
 	},
 });
 ```
+
+## Accessing the S3 AccessPoint ARN
+
+If you need access to the s3 accesspoint, you can get its ARN like so:
+
+```ts
+import * as s3objectlambda from '@aws-cdk/aws-s3objectlambda-alpha';
+
+declare const accessPoint: s3objectlambda.AccessPoint;
+const s3AccessPointArn = accessPoint.s3AccessPointArn;
+```
+
+This is only supported for AccessPoints created in the stack - currently you're unable to get the S3 AccessPoint ARN for imported AccessPoints. To do that you'd have to know the S3 bucket name beforehand.
diff --git a/packages/@aws-cdk/aws-s3objectlambda-alpha/lib/access-point.ts b/packages/@aws-cdk/aws-s3objectlambda-alpha/lib/access-point.ts
index 7955ba3e47e1a..486e4902472ef 100644
--- a/packages/@aws-cdk/aws-s3objectlambda-alpha/lib/access-point.ts
+++ b/packages/@aws-cdk/aws-s3objectlambda-alpha/lib/access-point.ts
@@ -201,6 +201,11 @@ export class AccessPoint extends AccessPointBase {
    */
   public readonly accessPointCreationDate: string;
 
+  /**
+   * The ARN of the S3 access point.
+   */
+  public readonly s3AccessPointArn: string;
+
   constructor(scope: Construct, id: string, props: AccessPointProps) {
     super(scope, id, {
       physicalName: props.accessPointName,
@@ -241,6 +246,7 @@ export class AccessPoint extends AccessPointBase {
         ],
       },
     });
+    this.s3AccessPointArn = supporting.attrArn;
     this.accessPointName = accessPoint.ref;
     this.accessPointArn = accessPoint.attrArn;
     this.accessPointCreationDate = accessPoint.attrCreationDate;
diff --git a/packages/@aws-cdk/aws-s3objectlambda-alpha/test/s3objectlambda.test.ts b/packages/@aws-cdk/aws-s3objectlambda-alpha/test/s3objectlambda.test.ts
index b3823e2bb0dc2..cbabde70b0ac1 100644
--- a/packages/@aws-cdk/aws-s3objectlambda-alpha/test/s3objectlambda.test.ts
+++ b/packages/@aws-cdk/aws-s3objectlambda-alpha/test/s3objectlambda.test.ts
@@ -46,6 +46,9 @@ test('Can create a valid access point', () => {
       regional: false,
     }),
   });
+  new cdk.CfnOutput(stack, 'S3AccessPointArn', {
+    value: accessPoint.s3AccessPointArn,
+  });
 
   expect(Template.fromStack(stack).findOutputs('*')).toEqual(
     {
@@ -98,6 +101,14 @@ test('Can create a valid access point', () => {
           ],
         },
       },
+      S3AccessPointArn: {
+        Value: {
+          'Fn::GetAtt': [
+            'MyObjectLambdaSupportingAccessPointA2D2026E',
+            'Arn',
+          ],
+        },
+      },
       VirtualHostedRegionalUrl: {
         Value: {
           'Fn::Join': [